From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041114 Firefox/1.0

Description of problem:
The general pattern goes like this:

Dec 1 11:18:33 cobra kernel: audit(1101917913.660:0): avc: denied { read } for pid=24828 exe=/sbin/ldconfig path=/var/cache/yum/development/packages/libglade-java-2.8.2-1.i386.rpm dev=dm-0 ino=179876 scontext=root:system_r:ldconfig_t tcontext=root:object_r:var_t tclass=file
Dec 1 11:19:41 cobra kernel: audit(1101917981.451:0): avc: denied { read write } for pid=24838 exe=/sbin/ldconfig path=socket:[56845] dev=sockfs ino=56845 scontext=root:system_r:ldconfig_t tcontext=root:system_r:unconfined_t tclass=tcp_socket
Dec 1 11:19:41 cobra kernel: audit(1101917981.451:0): avc: denied { read write } for pid=24838 exe=/sbin/ldconfig path=socket:[56854] dev=sockfs ino=56854 scontext=root:system_r:ldconfig_t tcontext=root:system_r:unconfined_t tclass=tcp_socket
Dec 1 11:19:41 cobra kernel: audit(1101917981.451:0): avc: denied { read write } for pid=24838 exe=/sbin/ldconfig path=socket:[56863] dev=sockfs ino=56863 scontext=root:system_r:ldconfig_t tcontext=root:system_r:unconfined_t tclass=tcp_socket

...etc. repeat for every other package being installed.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.19.8-4

How reproducible:
Didn't try

Steps to Reproduce:

Additional info:
I have no idea what is causing this???? I am not seeing this here. I can add a rule:

dontaudit ldconfig_t unconfined_t:tcp_socket { read write };

Looks like a file descriptor from rpm is being leaked.
Okay, I can't reproduce this either - I tried, but everything works as it should. To provide more detail, however... the pattern above should actually be:

read/write denied on socket...
read/write denied on socket...
read denied on cached rpm

Also, I created a summary of the packages that triggered denials from /var/log/messages, and here it is:

[root@cobra log]# grep rpm messages|sed -e s/"cobra".*"packages\/"//|sed -e s/"dev=".*//
Dec 1 11:16:14 libselinux-1.19.2-1.i386.rpm
Dec 1 11:16:36 alsa-lib-1.0.6-6.i386.rpm
Dec 1 11:18:33 libglade-java-2.8.2-1.i386.rpm
Dec 1 11:19:41 libgnome-java-2.8.2-1.i386.rpm
Dec 1 11:20:21 libgtk-java-2.4.6-1.i386.rpm
Dec 1 11:20:40 libgconf-java-2.8.2-1.i386.rpm
Dec 1 11:20:49 xorg-x11-libs-6.8.1-21.i386.rpm
Dec 1 11:20:50 xorg-x11-Mesa-libGL-6.8.1-21.i386.rpm
Dec 1 11:21:20 xorg-x11-Mesa-libGLU-6.8.1-21.i386.rpm
Dec 1 11:21:46 xorg-x11-deprecated-libs-6.8.1-21.i386.rpm
Dec 1 11:21:48 Xaw3d-1.5E-1.i386.rpm
Dec 2 14:20:00 expat-1.95.8-4.i386.rpm
Dec 2 14:20:30 isdn4k-utils-3.2-21.i386.rpm
Dec 2 14:23:34 boost-1.32.0-2.i386.rpm
Dec 2 14:23:51 gtksourceview-1.1.0-4.fc3.i386.rpm
Dec 2 14:24:29 procps-3.2.4-1.i386.rpm
Dec 2 14:25:02 xorg-x11-libs-6.8.1-22.i386.rpm
Dec 2 14:25:03 xorg-x11-Mesa-libGL-6.8.1-22.i386.rpm
Dec 2 14:25:08 qt-3.3.3-16.i386.rpm
Dec 2 14:25:09 xorg-x11-Mesa-libGLU-6.8.1-22.i386.rpm
Dec 2 14:25:47 evolution-2.0.2-6.i386.rpm
Dec 2 14:26:52 xorg-x11-deprecated-libs-6.8.1-22.i386.rpm
Dec 2 14:27:24 gdm-2.6.0.5-9.i386.rpm
[root@cobra log]#

Will close bug if I see no more problems in the future.
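Added example, not code from this bug report or from the selinux-policy project: a small Python triage script for AVC lines in the format quoted above. It aggregates denials by the (source type, target type, class, permissions) tuple a policy rule is keyed on, flags the leaked-descriptor pattern described in the previous comment (a confined helper such as ldconfig denied access to a socket whose label belongs to the domain that exec'd it), and renders the matching dontaudit rule. The sample log is constructed from lines in this bug; the function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample input: AVC lines as quoted in this bug, one record per line.
SAMPLE_LOG = """\
Dec 1 11:18:33 cobra kernel: audit(1101917913.660:0): avc: denied { read } for pid=24828 exe=/sbin/ldconfig path=/var/cache/yum/development/packages/libglade-java-2.8.2-1.i386.rpm dev=dm-0 ino=179876 scontext=root:system_r:ldconfig_t tcontext=root:object_r:var_t tclass=file
Dec 1 11:19:41 cobra kernel: audit(1101917981.451:0): avc: denied { read write } for pid=24838 exe=/sbin/ldconfig path=socket:[56845] dev=sockfs ino=56845 scontext=root:system_r:ldconfig_t tcontext=root:system_r:unconfined_t tclass=tcp_socket
Dec 1 11:19:41 cobra kernel: audit(1101917981.451:0): avc: denied { read write } for pid=24838 exe=/sbin/ldconfig path=socket:[56854] dev=sockfs ino=56854 scontext=root:system_r:ldconfig_t tcontext=root:system_r:unconfined_t tclass=tcp_socket
Dec 4 15:47:04 cobra kernel: audit(1102193224.728:0): avc: granted { load_policy } for pid=31728 exe=/usr/sbin/load_policy scontext=root:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security
Dec 23 12:45:12 cobra kernel: audit(1103823912.171:0): avc: denied { search } for pid=9533 exe=/sbin/ldconfig name=var dev=dm-0 ino=1168129 scontext=root:system_r:ldconfig_t tcontext=system_u:object_r:var_t tclass=dir
"""

# 2004-era kernel AVC format: "avc: denied { perms } for key=value ...".
# Values are unquoted and contain no spaces, so a simple key=value scan suffices.
AVC_RE = re.compile(
    r"avc:\s+(?P<verdict>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")


def context_type(ctx):
    """Return the type (third colon-separated component) of an SELinux context."""
    return ctx.split(":")[2]


def parse_avc(line):
    """Parse one kernel AVC line into a dict; return None for non-AVC lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(KV_RE.findall(m.group("fields")))
    if not all(k in fields for k in ("scontext", "tcontext", "tclass")):
        return None
    return {
        "verdict": m.group("verdict"),
        "perms": tuple(m.group("perms").split()),
        "fields": fields,
        "stype": context_type(fields["scontext"]),
        "ttype": context_type(fields["tcontext"]),
    }


def summarize_denials(lines):
    """Count denials by (source type, target type, class, perms): the tuple a
    policy rule is written against, rather than the per-package view of the
    grep/sed one-liner above."""
    counts = Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec and rec["verdict"] == "denied":
            counts[(rec["stype"], rec["ttype"], rec["fields"]["tclass"], rec["perms"])] += 1
    return counts


def fd_leak_candidates(records):
    """Denials on an inherited socket labelled with a different domain than the
    process: the signature of a descriptor leaked across exec into a confined helper."""
    return [
        r for r in records
        if r["verdict"] == "denied"
        and r["fields"]["tclass"].endswith("socket")
        and r["fields"].get("path", "").startswith("socket:[")
        and r["stype"] != r["ttype"]
    ]


def dontaudit_rule(rec):
    """Render the dontaudit rule that silences this denial (noise control only)."""
    return "dontaudit %s %s:%s { %s };" % (
        rec["stype"], rec["ttype"], rec["fields"]["tclass"], " ".join(rec["perms"]))


def main():
    lines = SAMPLE_LOG.splitlines()
    for key, n in sorted(summarize_denials(lines).items()):
        print(n, key)
    records = [r for r in map(parse_avc, lines) if r]
    for rec in fd_leak_candidates(records):
        print("possible leaked fd in pid", rec["fields"]["pid"], "->", dontaudit_rule(rec))


if __name__ == "__main__":
    main()
```

The dontaudit rule only stops the log noise; the condition it hides is still a parent handing open sockets to a helper that has no business touching them, which the parent fixes by closing them or setting close-on-exec before the exec. The file and dir denials on /var are a separate class (the helper genuinely needs, or is mislabelled against, that path) and are left in the summary rather than the leak list.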
Closing for now....
...and reopening since the problem isn't going away:

Dec 4 15:41:58 glibc-2.3.3-87.i686.rpm
Dec 4 15:43:12 cups-libs-1.1.22-4.i386.rpm
Dec 4 15:43:15 libselinux-1.19.3-1.i386.rpm
Dec 4 15:43:33 ghostscript-7.07-35.i386.rpm
Dec 4 15:44:59 evolution-data-server-1.0.2-5.i386.rpm
Dec 4 15:46:47 glibc-utils-2.3.3-87.i386.rpm
In all three cases there's a policy load:
On Dec 1 after alsa-lib denials,
On Dec 2 after isdn4k-utils denials,
On Dec 4 after glibc-utils denials:

Dec 4 15:47:04 cobra kernel: audit(1102193224.728:0): avc: granted { load_policy } for pid=31728 exe=/usr/sbin/load_policy scontext=root:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security
Fixed in selinux-policy-targeted-1.19.14-3
Will wait to confirm - I wasn't able to work on my computer until today (Dec 22), and I was still seeing this denial in today's upgrade. I am now completely relabeling the system with the 1.19.15 policy, and will close the bug if future upgrades do not trigger it.
New denial, with the 1.19.15-4(?) policy.

Dec 23 12:45:12 cobra kernel: audit(1103823912.171:0): avc: denied { search } for pid=9533 exe=/sbin/ldconfig name=var dev=dm-0 ino=1168129 scontext=root:system_r:ldconfig_t tcontext=system_u:object_r:var_t tclass=dir

during this upgrade:

Dependencies Resolved
Transaction Listing:
Install: kernel.i686 0:2.6.9-1.1049_FC4
Update: gnumeric.i386 1:1.4.1-5
Update: guile.i386 5:1.6.4-16
Update: kernel-doc.noarch 0:2.6.9-1.1049_FC4
Update: libtiff.i386 0:3.7.1-2
Update: libtiff-devel.i386 0:3.7.1-2
Update: lvm2.i386 0:2.00.32-1.0
Update: mikmod.i386 0:3.1.6-33
Update: nc.i386 0:1.10-24
Update: rpmdb-fedora.i386 1:4-0.20041223
Update: selinux-policy-targeted.noarch 0:1.19.15-5
Update: xpdf.i386 1:3.00-14

Here's the neighboring log context:

Dec 23 12:45:12 cobra kernel: audit(1103823912.171:0): avc: denied { search } for pid=9533 exe=/sbin/ldconfig name=var dev=dm-0 ino=1168129 scontext=root:system_r:ldconfig_t tcontext=system_u:object_r:var_t tclass=dir
Dec 23 12:45:13 cobra kernel: audit(1103823913.031:0): avc: granted { load_policy } for pid=9539 exe=/usr/sbin/load_policy scontext=root:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security
Dec 23 12:45:13 cobra kernel: security: 3 users, 4 roles, 520 types, 49 bools
Dec 23 12:45:13 cobra kernel: security: 54 classes, 33434 rules
Dec 23 12:45:13 cobra dbus: avc: received policyload notice (seqno=1)
Dec 23 12:45:13 cobra dbus: avc: 3 AV entries and 3/512 buckets used, longest chain length 1
Dec 23 12:45:13 cobra dbus: avc: received policyload notice (seqno=1)
Dec 23 12:45:13 cobra dbus: avc: 1 AV entries and 1/512 buckets used, longest chain lengt
Closing this for now... the original bug should be fixed. I have bigger problems with SELinux.